smeserver-koji/koji-setup/koji-add-user.sh

97 lines
2.5 KiB
Bash
Raw Normal View History

2023-09-05 10:07:45 +02:00
#!/bin/bash
set -e
DEBUG=
SILENT="-s"
QUIET="-q"
2023-11-04 23:40:25 +01:00
for param in "$@" ; do
2023-09-05 10:07:45 +02:00
if [ $param ] ; then
case $param in
debug )
DEBUG="debug" ;;
2023-11-04 23:40:25 +01:00
permission=* )
NEW_PERMS=${param#*=} ;;
help | -h | --help )
echo "koji-add-user.sh <user> [permission=<permission> | debug]" ;;
* )
NEW_USER=$param ;;
2023-09-05 10:07:45 +02:00
esac
else
break
fi
done
if [ $DEBUG ] ; then
set -xe
SILENT=
QUIET="-v"
fi
# load required parameters
SCRIPT_DIR="$(echo ~)/bin"
if [ ! -f "$SCRIPT_DIR"/koji-parameters.sh ] ; then
echo "$SCRIPT_DIR/koji-parameters.sh NOT found - aborting"
exit 1
fi
source "$SCRIPT_DIR"/koji-parameters.sh
KOJI_HUB_FQDN="$(hostname -f)"
# pull down any required scripts
if [ ! -d $SCRIPT_DIR ] ; then mkdir -p $SCRIPT_DIR ; fi
if [ ! -f $SCRIPT_DIR/koji-gencert.sh ] ; then
curl $SILENT $SCRIPT_GIT/koji-gencert.sh > $SCRIPT_DIR/koji-gencert.sh
2023-09-28 13:17:09 +02:00
chmod o+x $SCRIPT_DIR/koji-gencert.sh
2023-09-05 10:07:45 +02:00
fi
# Add the new user into the database
sudo -u kojiadmin koji add-user "$NEW_USER"
2023-09-05 10:16:44 +02:00
if [ $NEW_PERMS ] ; then
sudo -u kojiadmin koji grant-permission --new $NEW_PERMS $NEW_USER
fi
2023-09-05 10:07:45 +02:00
# Generate a certificate for the user
pushd "$KOJI_PKI_DIR"
$SCRIPT_DIR/koji-gencert.sh "$NEW_USER" "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/CN=$NEW_USER"
popd
2023-09-06 02:04:26 +02:00
# crete a bundle (tarball) for deployment to the user
if [[ ! -d $KOJI_PKI_DIR/bundle ]] ; then
mkdir -p $KOJI_PKI_DIR/bundle
fi
2023-09-28 13:17:09 +02:00
WORK_DIR=`mktemp -p /tmp -d $NEW_USER-XXXXXXXX`
2023-09-06 02:04:26 +02:00
# check if tmp dir was created
if [[ ! "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
echo "Could not create temp dir"
exit 1
fi
2023-09-28 13:17:09 +02:00
# function to delete the temp directory
function cleanup {
rm -rf "$WORK_DIR"
}
2023-09-06 02:04:26 +02:00
# register the cleanup function to be called on the EXIT signal
trap cleanup EXIT
pushd $WORK_DIR
mkdir -p .koji
2024-10-05 09:28:10 +02:00
cp $KOJI_PKI_DIR/$NEW_USER.pem $WORK_DIR/.koji/koji_$NEW_USER.pem
2024-10-04 01:54:07 +02:00
cp $KOJI_PKI_DIR/koji_ca_bundle.pem $WORK_DIR/.koji/koji_ca_bundle.pem
2024-10-05 09:28:10 +02:00
cp $KOJI_PKI_DIR/certs/"$NEW_USER"_browser_cert.p12 $WORK_DIR/.koji/koji_"$NEW_USER"_browser_cert.p12
2023-09-06 02:04:26 +02:00
cat > $WORK_DIR/.koji/config <<- EOT
[koji]
server = $KOJI_URL/kojihub
weburl = $KOJI_URL/koji
topurl = $KOJI_URL/kojifiles
topdir = $KOJI_DIR
2024-10-05 09:28:10 +02:00
cert = ~/.koji/koji_$NEW_USER.pem
2024-10-04 01:54:07 +02:00
serverca = ~/.koji/koji_ca_bundle.pem
2023-09-06 02:04:26 +02:00
anon_retry = true
authtype = ssl
EOT
tar -zcf koji-"$NEW_USER"-bundle.tgz .koji
cp koji-"$NEW_USER"-bundle.tgz $KOJI_PKI_DIR/bundle/.
popd
echo "The Koji CLI and Web key bundle for $NEW_USER is $KOJI_PKI_DIR/bundle/koij-$NEW_USER-bundle.tgz"